These alerts provide absolutely nothing for us to use to troubleshoot or create policies around. We have been getting 200+ alerts for example 2, with several coming from my machine, when I've received only 2 emails and they are both from legitimate sources.

J

Jamie Dewoody

said
over 1 year ago

^Yes. This please. The current alerts are worthless! Here are
the alerts we are getting:

Example 1

Event InformationEvent
Occurred2016-09-14T08:23:21URLVIPRE Business Agent
Anti-phishing removed a known bad URL from your email message. It was deleted
or quarantined and replaced with this message.

Neither of the examples give you any information that you
could investigate or from which to build policies. Next, if you double-click the
agent, go to Overview | History | Email and double-click any of the listings,
you get this unhelpful information:

Risk name: Blocked URL

Risk level: Moderate

Risk category: Misc

Description: Miscellaneous threats include applications that do not fit
into other categories or that fall into multiple categories. Miscellaneous
threats typically include some form of potentially objectionable functionality
that may pose privacy or security risks to users and their PCs.

Neither of the examples give you any information that you could investigate or from which to build policies. Next, if you double-click the agent, go to Overview | History | Email and double-click any of the listings, you get this unhelpful information:

Risk name: Blocked URL

Risk level: Moderate

Risk category: Misc

Description: Miscellaneous threats include applications that do not fit into other categories or that fall into multiple categories. Miscellaneous threats typically include some form of potentially objectionable functionality that may pose privacy or security risks to users and their PCs.